#!/bin/bash
#基础安全配置
sed -i 's/^#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/^#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
echo "AllowUsers deployuser" >> /etc/ssh/sshd_config

#系统优化
echo "net.ipv4.tcp_tw_reuse=1" >> /etc/sysctl.conf
echo "vm.swappiness=10" >> /etc/sysctl.conf
sysctl -p 

#安装基础工具
yum check-update && yum install -y htop tmux git ntpdate fail2ban unattended-upgrades

#配置时区
timedatectl set-timezone Asia/Shanghai